ISO9001 for quality management is the world’s most recognised international standard. It demonstrates that your organization can consistently provide products and services that meet your customer needs and adhere to regulatory requirements. If you are looking to win more business, reduce costs and improve productivity, then ISO9001 is the right option.
There are 4 main stages to implement ISO9001 Quality Management System (QMS) within an organization. Within each stage there are a number of requirements that must be achieved before going for certification.
Stage one is the planning stage as you prepare your gap assessments, identify your scope, role out your employee awareness campaigns and learn the steps to implement ISO9001.
You need to know what you already have in place prior to producing a project plan. The gap assessment will provide you with that information. This is also useful information to help gain buy-in from senior management, as you will be able to produce a clearer idea of the resources and time required to get ready for certification.
Once you have the support from senior management an action plan to cover all the outstanding requirements identified in the gap assessment is produced. As with all project plans, this should set out what needs doing, time frames and the person responsible for doing it.
It is important to know what the QMS is going to cover. It may not cover every aspect of the business and the scope should clearly state what is in and out of the QMS.
Interested parties need to be identified. These are entities, people, or organizations, that could have an influence on, or requirement from the QMS. These must be identified and documented.
This is also a good time to deliver employee awareness presentations. Change affects people in different ways, so a series of awareness sessions that explains to the employees what is happening, why it is happening, the benefits and what it means to them early on will help to gain their buy-in and assistance.
Stage two is working through the project plan. The main requirements here are:
If you haven’t already mapped your processes, now is the time to do it. Processes that have an impact on the quality of your products or services may need to be documented in the form of Standard Operating Procedures (SOP). This will also help identify where processes interact with each other that could have an impact upon the QMS.
Documents that are required by the QMS, these include SOPs, forms, minutes of meetings, spreadsheets, etc., must be identified and properly referenced. There is a clear requirement within ISO9001 for document control and a numbering protocol for all QMS documentation must be implemented.
Risks and opportunities for the interested parties identified early must be reviewed, with actions to address those risks and potential opportunities. This would include identifying a responsible person to implement those actions and monitor the results.
QMS objectives need to be devised. It is important to remember these are objectives to improve the QMS and are not Business Objectives. These must be documented, timebound and measurable.
The roles and responsibilities of those who are closely involved in the QMS must be defined and any additional training identified and undertaken to ensure that these individuals are competent in their allocated positions.
Stage three is the embedment of the QMS. Effectively the test drive of the system to check that everything you have done previously is working, and that you’re well on your way to implementing ISO9001.
If you haven’t done so already, this is a good time to do another gap assessment to check there is nothing missing. Sometimes it is easy to overlook something when you are busy in other areas. This can be crossed checked against the outcomes of the project plan.
Prior to certification you must have had at least one internal audit and evidence of doing so. There are a couple of ways of doing this depending on size and resource. If you are a small business, you may opt to hire an external consultant to come in and conduct the internal audits. If you are a bigger business, then you could have two or more of your employees trained to be internal auditors. They must be from different departments/divisions as they cannot audit their own area. One will also need to be trained as a lead auditor.
You should try and audit each area that is covered by the QMS before the certification audit. This is a good opportunity to ensure that everything is in place and any problems ironed out.
Another requirement prior to certification is to conduct a management review of the QMS. This should happen after some internal audits have taken place. All areas of the QMS should be reviewed, including the effectiveness of the QMS objectives and the results of internal audits.
A final check of your QMS, then if you are happy it is time to look for a Registered Certification Body (RCB). There are many out there and some may specialise in your business sector. Prices may also vary widely, so research and gathering quotes is recommended. Once you have decided upon your RCB and engaged them they will explain the certification process. This is a two-part process.
The RCB will review the QMS documentation. If you have a lot of documented processes and forms, they will look at a sample of them. If the documentation passes their assessment, you will proceed to part two.
The audit. The RCB will visit the site, or sites and conduct the certification audit. This will include checking you are compliant with the requirements of the standard, the awareness of the QMS with staff, actions you have taken when you have identified problems through internal audits have been completed and that your objectives are relevant and being reviewed.
On completion of a successful audit, you will be issued with your certificate. The certification cycle lasts for three years. ISO standards are all about continual improvement, so annually for two years after your certification the RCB will conduct a surveillance audit to check that you are still compliant, and on year three you will have a full re-certification audit where you will be presented with a renewed certificate.
For more guidance on implementing the ISO9001:2015 standard, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.